Imogen Allen

February 20, 2018

The Quick and Easy Website Policy Guide for GDPR

It’s now common knowledge that GDPR (General Data Protection Regulation) comes into force on 25 May 2018, so it is more important than ever to have the right policies in place on your website. Having these policies on your website has always been a legal requirement, but now you need to get them right, bring them up to date and make them GDPR ready. Here’s a quick and easy Website Policy Guide which covers the main areas you need to know about.

There are three policies you need to have on your website and I will address each one in turn. The policies are:-

Website Terms and Conditions

Privacy Policy

Cookies Policy

Website Terms and Conditions

It is a legal requirement that any business that uses a website must have a Terms and Conditions policy even if the website does not sell any goods or services. These are the key points that your website terms should include:-

The details of the website owner or company together with contact details

Details of any permitted uses of the website where content can be uploaded to the website by the user

Details of any registration requirements if required

Confirmation of any fees payable to use the website

If the website uses links to other websites, a disclaimer of liability must state that the website owner has no responsibility for content on any linked sites

If the website enables user comments for user generated content it must request that users do not post anything illegal, defamatory or abusive in nature

It needs to ensure that website users understand the limitations of how they may use your website content such as text, images and videos to protect your intellectual property

State the VAT registration details of the company (if applicable)

Include a link to the website privacy and cookies policies

It is important to bear in mind that different types of websites, such as eCommerce sites and membership sites, will require additional information, and you should seek professional advice to ensure that the website terms and conditions are suitable for your business.

Privacy Policy

With the onset of GDPR, the privacy policy is one policy that needs particular attention. The guidance from the ICO (Information Commissioner’s Office) states that the information companies provide about personal data processing must be:

concise, transparent, intelligible and easily accessible;

written in clear and plain language, particularly if addressed to a child; and

free of charge.

GDPR states that companies must be “transparent by providing a privacy notice is an important part of fair processing. You can’t be fair if you are not being honest and open about who you are and what you are going to do with the personal data you collect.”

The following questions must be addressed when writing a privacy policy:

What information is being collected?

Who is collecting it?

How is it collected?

Why is it being collected?

How will it be used?

Who will it be shared with?

What will be the effect of this on the individuals concerned?

Is the intended use likely to cause individuals to object or complain?

For full details on what information should be included in a Privacy Notice, see the ICO website.

Cookie Policy

What is a cookie?

The ICO states that “A cookie is a small text file that is downloaded onto ‘terminal equipment’ (eg a computer or smartphone) when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.”

In order to comply with the Cookie regulation the ICO states you need to:

tell people the cookies are there;

explain what the cookies are doing and why; and

get the person’s consent to store a cookie on their device.

As long as you do this the first time you set cookies, you do not have to repeat it every time the same person visits your website. It is good practice to reset the cookie so that people visiting your website see the cookie policy reminder from time to time.

How to get the right wording for your policies

Firstly, do not copy and paste policy wording from other websites. Each business has its own specific requirements and you should ensure that your policies are suitable for your own business.

In the first instance, you should seek professional guidance to ensure that you have the right documentation for your business.

You can buy policy wording, professionally prepared by a legal team that can be used for your business for example:-

These are just examples of legal firms who provide standard forms which can be used for your business.

You can use a provider such as Iubenda, which specialises in Privacy and Cookies Policies. Policies can be created and displayed electronically on your website. You can also add details of the 3rd party providers that your business uses to collect and store data as part of your day to day business activities. The beauty of Iubenda is that as legislation changes, the policies are automatically updated to ensure that the wording is still compliant and up to date.

I cannot provide legal advice but I can give you advice on what you need to display on your website and where to display it. If you need any guidance, then please do get in touch.

Disclaimer: Umbrella Digital Media does not give legal advice and recommends that professional assistance is sought to obtain the suitable legal wording for your own business.

Imogen Allen

Imogen guides businesses to online success. With a combination offering of web design, funnel strategy and online course design, she is an active partner to increase visibility and help businesses deliver more value to their audience and their clients.
